Scammers looking to flog cheap software have hacked Web pages on high-profile websites, including those belonging to NASA and Stanford University.
NASA, just a week away from its penultimate space shuttle launch, has now removed dozens of Web pages that popped up on its Jet Propulsion Laboratory website. They were used to flog low-cost versions of Adobe's Creative Suite and other products, according to cached versions of the pages, still viewable on Google.
The scammers loaded up the Web pages with nonsense text (a sample: "Edit buy adobe premiere pro cs4 some callouts and balloons to make this time it took you and saved you a long time") and links to many other hacked pages.
Affected sites included those for NASA, Stanford University, Syracuse University and Northeastern University. NASA had cleaned up its site Monday, but others, including Stanford, had not. Visitors to those sites could encounter the hacked pages even if they weren't looking for cheap software.
Jane Platt, a spokeswoman for NASA's Jet Propulsion Laboratory, said the NASA site was safe to visit, but she declined to comment on the hacking incident because NASA's policy "is not to discuss security matters."
Some of the sites seem to have been hacked so that they pop up in the top results when Web surfers are looking for cheap Adobe software.
It looks like the scammers are trying to make money by generating Web traffic for online retailers, said Mary Landesman, a security researcher with Cisco's ScanSafe group. On some of the sites, visitors who arrive following a Google search are automatically redirected to online retailers.
Google awards a higher ranking to Web pages hosted on trusted, high-profile websites, so by hacking NASA and Stanford's pages, the scammers can generate more traffic for their clients and earn themselves more money in referral fees, she said. "Someone searching for cheap Adobe products is more likely to get those results," she said.
This type of search engine poisoning has been around for years. Hackers often use a Web hacking technique called SQL injection to break into websites, but they can also do this by stealing or guessing passwords.
With NASA set to launch the Space Shuttle Endeavor next week, a lot of people are visiting the space agency's website -- something that makes it only more valuable to hackers, according to Chester Wisniewski, a security researcher with Sophos. Although none of the sites examined Monday contained malicious software, that could easily have been the case, Wisniewski said. "If they were to get malicious code inserted into those pages, it could hurt a lot of people," he said.
Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address isrobert_mcmillan@idg.com
LINK TO OUR HOME PAGE :
Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info.
Thank You !
-Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You!
-Team VOGH
Categories:
vulnerablity
